This changeset adds `spellcheck="false"` attribute to various password fields.
The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.
Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.
Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes#56763.
Built from https://develop.svn.wordpress.org/trunk@55094
git-svn-id: http://core.svn.wordpress.org/trunk@54627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds `wp_theme_has_theme_json()` for public consumption, to replace the private internal Core-only `WP_Theme_JSON_Resolver::theme_has_support()` method. This new global function checks if a theme or its parent has a `theme.json` file.
For performance, results are cached as an integer `1` or `0` in the `'theme_json'` group with `'wp_theme_has_theme_json'` key. This is a non-persistent cache. Why? To make the derived data from `theme.json` is always fresh from the potential modifications done via hooks that can use dynamic data (modify the stylesheet depending on some option, settings depending on user permissions, etc.).
Also adds a new public function `wp_clean_theme_json_cache()` to clear the cache on `'switch_theme'` and `start_previewing_theme'`.
References:
* [https://github.com/WordPress/gutenberg/pull/45168 Gutenberg PR 45168] Add `wp_theme_has_theme_json` as a public API to know whether a theme has a `theme.json`.
* [https://github.com/WordPress/gutenberg/pull/45380 Gutenberg PR 45380] Deprecate `WP_Theme_JSON_Resolver:theme_has_support()`.
* [https://github.com/WordPress/gutenberg/pull/46150 Gutenberg PR 46150] Make `theme.json` object caches non-persistent.
* [https://github.com/WordPress/gutenberg/pull/45979 Gutenberg PR 45979] Don't check if constants set by `wp_initial_constants()` are defined.
* [https://github.com/WordPress/gutenberg/pull/45950 Gutenberg PR 45950] Cleaner logic in `wp_theme_has_theme_json`.
Follow-up to [54493], [53282], [52744], [52049], [50959].
Props oandregal, afragen, alexstine, aristath, azaozz, costdev, flixos90, hellofromTonya, mamaduka, mcsf, ocean90, spacedmonkey.
Fixes#56975.
Built from https://develop.svn.wordpress.org/trunk@55086
git-svn-id: http://core.svn.wordpress.org/trunk@54619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes a few use case:
- When referring to the Privacy Policy page, "Privacy Policy" should use capitalization on "Privacy Policy", but "page" should remain lowercase;
- When referring to the fact that a website needs, let's say "a relevant privacy policy", "privacy policy" should stay lowercase.
This changeset also updates other small capitalization issues.
Props aravindajith, audrasjb, sarathar, nithi22, costdev.
Fixes#57226.
Built from https://develop.svn.wordpress.org/trunk@55082
git-svn-id: http://core.svn.wordpress.org/trunk@54615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The [https://make.wordpress.org/core/2021/02/19/feature-plugin-rollback-update-failure/ Rollback Update Failure feature project] has been split into two plugins for testing:
* [https://github.com/afragen/faster-updates Faster Updates] speeds up plugin or theme updates by moving files rather than copying them, thus decreasing the memory usage and reducing the chance of timeouts or running out of disk space during updates.
* [https://wordpress.org/plugins/rollback-update-failure/ Rollback Update Failure] creates a temporary backup of plugins and themes before updating. This aims to make the update process more reliable and ensure that if a plugin or theme update fails, the previous version can be safely restored.
The current priority of the feature project is to test the new `move_dir()` function, which offers better performance than `copy_dir()`. Instead of copying a directory in a recursive manner file by file from one location to another, `move_dir()` uses the `rename()` PHP function to speed up the process, which is instrumental in updating large plugins without a delay. If the renaming failed, it falls back to the `copy_dir()` WP function.
The `move_dir()` function is self-contained in the Faster Updates plugin and does not require any special hooks in core, so the conditional previously added to `WP_Upgrader::install_package()` to facilitate testing is no longer needed and can be removed.
Follow-up to [53578], [54484], [54643].
Props afragen, costdev, peterwilsoncc.
See #56057, #57375, #57386.
Built from https://develop.svn.wordpress.org/trunk@55055
git-svn-id: http://core.svn.wordpress.org/trunk@54588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds an anchor in Comments keyboard shortcut documentation links to direct the user to a more specific section of the HelpHub documentation. It also removes `target="_blank" from a link, since preventing data loss when clicking any on User Edit and Comment Edit screens is already handled by another existing ticket (#40493).
Props NekoJonez, SergeyBiryukov, sabernhardt, dennisatyoast, robinwpdeveloper.
Fixes#56920.
Built from https://develop.svn.wordpress.org/trunk@55042
git-svn-id: http://core.svn.wordpress.org/trunk@54575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes a mention of the "Page" post type from the Discussion meta box as this is a generic meta box, used for multiple post types. It makes it more consistent with the other option available in the meta box ("Allow comments") and also with the corresponding option in the block editor.
Follow-up to [12323].
Props jeremyfelt, sabernhardt, audrasjb, virgar.
Fixes#57429.
See #11346.
Built from https://develop.svn.wordpress.org/trunk@55040
git-svn-id: http://core.svn.wordpress.org/trunk@54573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds `required="required"` attributes to required form fields and uses `wp_required_field_message()` and `wp_required_field_indicator()` functions to improve the generated markup, and for better consistency with other required fields.
Props jackreichert, flixos90, afercia, sabernhardt.
Fixes#38460.
Built from https://develop.svn.wordpress.org/trunk@55026
git-svn-id: http://core.svn.wordpress.org/trunk@54559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
This commit also resolves 2 blocking issues which previously caused the revert of [52244]:
* New Requests files are loaded into `wp-includes/Requests/src/`, matching the location of the library. In doing so, filesystems that are case-insensitive are not impacted (see #54582).
* Preload: During a Core update, the old Requests files are preloaded into memory before the update deletes the files. Preloading avoids fatal errors noted in #54562.
Follow-up to [50842], [51078], [52244], [52315], [52327], [52328].
Props jrf, schlessera, datagutten, wojsmol, dustinrue, soulseekah, szepeviktor. costdev, sergeybiryukov, peterwilsoncc, ironprogrammer, antonvlasenko, hellofromTonya, swissspidy, dd32, azaozz, TobiasBg, audrasjb.
Fixes#54504.
See #54582, #54562.
Built from https://develop.svn.wordpress.org/trunk@54997
git-svn-id: http://core.svn.wordpress.org/trunk@54530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When rendering a list of attachments in `WP_Media_List_Table` class, none image attachments, show a generic icon. However, attachment types like audio and video support adding a featured image. For attachments that have featured images, us this image instead of the icon. This featured image is a better preview than a generic icon.
Props spacedmonkey, samful, johnbillion, JavierCasares, seanchayes, antpb, cadic, JeffPaul.
Fixes#49852.
Built from https://develop.svn.wordpress.org/trunk@54941
git-svn-id: http://core.svn.wordpress.org/trunk@54493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since `ABSPATH` is defined and documented to end with a forward slash `/`, this changeset removes the first `/` from strings appended to `ABSPATH` in various files, leading to `//` in the resulting path.
Props TobiasBg, audrasjb, SergeyBiryukov, emanuelx.
Fixes#57074.
See #57071.
Built from https://develop.svn.wordpress.org/trunk@54872
git-svn-id: http://core.svn.wordpress.org/trunk@54424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit adds inline comments instructing PHPCS to ignore some lines for database queries. An explanation is provided with each instruction.
This resolves a few WPCS warnings along the lines of:
{{{
Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "DESC $table_name"
}}}
Follow-up to [236], [265], [5778].
Props jipmoors, costdev, jrf, SergeyBiryukov.
Fixes#43761.
Built from https://develop.svn.wordpress.org/trunk@54858
git-svn-id: http://core.svn.wordpress.org/trunk@54410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While the `$type` and `$label` variables are set to values that do not currently require escaping, this may change in the future, so it is preferable to add the escaping as a defensive coding measure.
Follow-up to [16294], [29030].
Props monzuralam, rudlinkon, hztyfoon, peterwilsoncc.
Fixes#57133.
Built from https://develop.svn.wordpress.org/trunk@54857
git-svn-id: http://core.svn.wordpress.org/trunk@54409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes minor formatting edits for consistency.
Follow-up to [53/tests], [12179], [12946], [35288], [37884], [38810], [38928], [46596], [48131], [52955], [53548], [53813], [53873], [54118], [54316], [54420], [54421], [54803].
See #56792.
Built from https://develop.svn.wordpress.org/trunk@54855
git-svn-id: http://core.svn.wordpress.org/trunk@54407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because themes are updated independently of Core updates, any deleted files from bundled themes should not be included in the `$_old_files` list.
Any file included in this list is deleted on update, which could cause problems for sites with a given theme active if the removed files were required in earlier versions of that theme and that theme is not updated at the same time.
Props desrosj, costdev, SergeyBiryukov.
Fixes#56936.
Built from https://develop.svn.wordpress.org/trunk@54849
git-svn-id: http://core.svn.wordpress.org/trunk@54401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This properly deletes the now empty `src/wp-includes/blocks/comments-query-loop` directory and adds that directory to the `$_old_files` array.
The files in this directory were removed in [54257], but the directory was not marked as deleted in SVN.
Props azaozz, jorbin, SergeyBiryukov.
Fixes#57080.
Built from https://develop.svn.wordpress.org/trunk@54836
git-svn-id: http://core.svn.wordpress.org/trunk@54388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Calling the `wp_get_theme` function creates a instance of the `WP_Theme` class. This can be a performance issue, if all you need is one property of the class instance. This change replaces the usage of `wp_get_theme()->get_stylesheet()` with `get_stylesheet()` to improve performance.
Props spacedmonkey, flixos90, peterwilsoncc, desrosj.
Fixes#57057.
Built from https://develop.svn.wordpress.org/trunk@54817
git-svn-id: http://core.svn.wordpress.org/trunk@54369 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This partially reverts [53860] and [53862], which refactored the `exists()` method to rely on `ftp_rawlist()` instead of `ftp_nlist()`.
[53860] makes a similar attempt to the ones made in [33648] and [34733] (which were also reverted in [35944]). Being compliant with the specifications while continuing to work without issue for all FTP servers continues seem impossible. These little ghosts are the ones we’re scared of the most.
Props jsh4, afragen, costdev, pkolenbr, SergeyBiryukov, dd32, peterwilsoncc, gamecreature, desrosj.
Fixes#56966.
See #51170, #28013.
Built from https://develop.svn.wordpress.org/trunk@54815
git-svn-id: http://core.svn.wordpress.org/trunk@54367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [53874] the optional `$locale` parameter was added to `load_textdomain()`. While most `load_textdomain()` calls in core were were updated, some were missed. Passing the original locale avoids the need to call `determine_locale()` by `load_textdomain()` which is used as a fallback.
Props ocean90, swissspidy, desrosj.
See #57060.
Built from https://develop.svn.wordpress.org/trunk@54797
git-svn-id: http://core.svn.wordpress.org/trunk@54349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Resolves a fatal error due to `get_template_hierarchy()` due to incompatible older Gutenberg versions.
[54269] introduced this new function for 6.1. The function was introduced in Gutenberg 13.9.0. However, it was not guarded to protect the plugin from when the function was loaded in Core. Gutenberg 14.1.0 added the `function_exists()` guard to protect the plugin from the fatal error.
Minimum compatible version:
This commit changes the Gutenberg minimum compatible version number to 14.1. For versions older than 14.1, the plugin will deactivate when upgrading Core to 6.1 or newer.
Function rename:
Past commits renamed the upgrade function by changing Core's version number. This commit renames the function to be generic, i.e. `_upgrade_core_deactivate_incompatible_plugins()` and adopts the `@since [reason]` strategy to track historical changes to the function.
Follow-up to [54269], [52199], [52166], [52165], [51180].
Props namithjawahar, hellofromTonya, azaozz, desrosj, ironprogrammer.
Fixes#56985.
Built from https://develop.svn.wordpress.org/trunk@54789
git-svn-id: http://core.svn.wordpress.org/trunk@54341 1a063a9b-81f0-0310-95a4-ce76da25c4cd